CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2051 CVE-2017-10860 426 Exec Code 2017-09-15 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
2052 CVE-2017-10859 426 +Priv 2017-09-15 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2053 CVE-2017-10858 426 +Priv 2017-09-15 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2054 CVE-2017-10855 426 +Priv 2017-09-15 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2055 CVE-2017-10851 426 +Priv 2017-09-01 2017-09-06
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2056 CVE-2017-10850 426 +Priv 2017-09-01 2017-09-14
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2057 CVE-2017-10849 426 +Priv 2017-09-01 2017-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2058 CVE-2017-10848 426 +Priv 2017-09-01 2017-09-06
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2059 CVE-2017-10845 264 2017-09-15 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.
2060 CVE-2017-10836 426 +Priv 2017-08-28 2017-09-01
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2061 CVE-2017-10832 78 Exec Code 2017-08-28 2017-08-31
10.0
None Remote Low Not required Complete Complete Complete
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
2062 CVE-2017-10831 426 +Priv 2017-08-28 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2063 CVE-2017-10830 426 +Priv 2017-08-28 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2064 CVE-2017-10829 426 +Priv 2017-09-01 2017-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2065 CVE-2017-10828 426 +Priv 2017-08-28 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2066 CVE-2017-10827 426 +Priv 2017-08-28 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2067 CVE-2017-10826 426 +Priv 2017-08-28 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2068 CVE-2017-10824 426 +Priv 2017-08-18 2017-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2069 CVE-2017-10823 426 +Priv 2017-08-18 2017-08-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2070 CVE-2017-10822 426 +Priv 2017-08-18 2017-08-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2071 CVE-2017-10821 426 +Priv 2017-08-18 2017-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2072 CVE-2017-10820 426 +Priv 2017-08-04 2017-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2073 CVE-2017-10812 426 +Priv 2017-08-28 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2074 CVE-2017-10784 287 Exec Code 2017-09-19 2018-10-31
9.3
None Remote Medium Not required Complete Complete Complete
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
2075 CVE-2017-10700 77 Exec Code 2017-09-19 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.
2076 CVE-2017-10622 264 Bypass 2017-10-13 2017-11-02
10.0
None Remote Low Not required Complete Complete Complete
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher.
2077 CVE-2017-10601 287 2017-07-17 2017-07-26
10.0
None Remote Low Not required Complete Complete Complete
A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2.
2078 CVE-2017-9970 434 Exec Code 2018-02-12 2018-03-09
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution.
2079 CVE-2017-9944 284 2017-12-27 2018-01-17
10.0
Admin Remote Low Not required Complete Complete Complete
A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.
2080 CVE-2017-9861 74 2017-08-05 2017-08-21
9.0
None Remote Low Not required Partial Partial Complete
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
2081 CVE-2017-9860 284 2017-08-05 2017-08-21
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by "a final integrity and compatibility check." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
2082 CVE-2017-9828 77 Exec Code 2017-06-23 2017-07-05
10.0
None Remote Low Not required Complete Complete Complete
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.
2083 CVE-2017-9811 20 2017-07-17 2017-08-11
10.0
None Remote Low Not required Complete Complete Complete
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
2084 CVE-2017-9807 94 Exec Code 2017-06-21 2017-10-12
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.
2085 CVE-2017-9772 264 Exec Code 2017-06-23 2017-10-09
10.0
None Remote Low Not required Complete Complete Complete
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.
2086 CVE-2017-9769 264 2017-08-02 2017-08-11
10.0
None Remote Low Not required Complete Complete Complete
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
2087 CVE-2017-9725 264 2017-09-21 2018-04-18
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.
2088 CVE-2017-9724 264 2017-09-21 2017-09-26
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.
2089 CVE-2017-9685 416 2017-08-18 2017-08-26
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.
2090 CVE-2017-9678 119 Overflow Mem. Corr. 2017-08-18 2017-08-21
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().
2091 CVE-2017-9648 427 Exec Code 2017-08-14 2017-08-24
9.3
None Remote Medium Not required Complete Complete Complete
An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
2092 CVE-2017-9646 427 Exec Code 2017-08-14 2017-08-24
9.3
None Remote Medium Not required Complete Complete Complete
An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
2093 CVE-2017-9638 119 DoS Exec Code Overflow 2018-04-17 2018-05-18
10.0
None Remote Low Not required Complete Complete Complete
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
2094 CVE-2017-9636 119 DoS Exec Code Overflow 2018-04-17 2018-05-18
10.0
None Remote Low Not required Complete Complete Complete
Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
2095 CVE-2017-9634 787 DoS Exec Code 2018-04-17 2018-05-18
10.0
None Remote Low Not required Complete Complete Complete
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
2096 CVE-2017-9629 119 Exec Code Overflow 2017-07-07 2017-07-13
10.0
None Remote Low Not required Complete Complete Complete
A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.
2097 CVE-2017-9542 287 Bypass 2017-06-11 2017-06-22
10.0
None Remote Low Not required Complete Complete Complete
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.
2098 CVE-2017-9483 264 2017-07-30 2017-08-02
10.0
Admin Remote Low Not required Complete Complete Complete
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands.
2099 CVE-2017-9482 264 2017-07-30 2017-08-02
10.0
Admin Remote Low Not required Complete Complete Complete
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session.
2100 CVE-2017-9479 264 Exec Code 2017-07-30 2017-08-02
10.0
Admin Remote Low Not required Complete Complete Complete
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.